Lazarus Strikes Again: North Korean Group Behind $55M CoinEx Hack

Table of Contents

  1. Connecting the Dots
  2. The CoinEx Hack Unfolded
  3. Investigation and Response
  4. Crypto Space Under Siege

North Korea's Lazarus Group, a notorious state-backed hacking organization, is suspected to be the mastermind behind the recent $55 million hack of cryptocurrency exchange CoinEx. 

Connecting the Dots

On-chain investigator ZachXBT uncovered a critical link connecting the attackers to both the CoinEx and Stake.com hacks, raising suspicions of the same group's involvement. ZachXBT's latest update pointed to an Ethereum wallet address that appeared to be under the control of the hackers responsible for both breaches. 

The connection was anything but subtle, with the wallet receiving funds from the Stake.com hack and interacting with the address that received the siphoned CoinEx funds. 

In ZachXBT's words:

"It appears North Korea is also responsible for the $54M @coinexcom hack from yesterday after they accidentally connected their address to the $41M Stake hack on OP & Polygon."

The CoinEx Hack Unfolded

On September 12, CoinEx witnessed a massive outflow of funds to an address that lacked any prior transaction history. This raised immediate concerns of a security breach, with initial estimates indicating losses of approximately $27 million. As of the latest update, security firm SlowMist has confirmed losses exceeding $55 million.

CoinEx Global acted swiftly to reassure its users, stating that their assets were secure and promising "100% compensation" for those affected by the hack. As a precautionary measure, the exchange temporarily suspended deposits and withdrawals and committed to closely monitoring the situation. CoinEx has also pledged to release a comprehensive report on the incident in the near future.

Investigation and Response

Following alerts from on-chain investigators, CoinEx confirmed suspicious withdrawals from several hot wallet addresses used to store exchange assets. While the investigation is ongoing, CoinEx has temporarily halted deposits and withdrawals across Ethereum, Tron, and Polygon blockchains, impacting various tokens.

In a bid to rebuild trust and transparency, CoinEx has vowed to provide users with a detailed timeline of the hack alongside a comprehensive report. The exchange has also reaffirmed its commitment to compensating all users who suffered losses in the attack.

Crypto Space Under Siege

This attack on CoinEx Global further compounds the escalating losses incurred due to exploits, hacks, and scams plaguing the cryptocurrency space. A report by cybersecurity firm CertiK revealed that as of August 2023, nearly $1 billion had already been lost to such incidents this year alone. 

In August, malicious attacks drained around $45 million from various sources. The US Federal Bureau of Investigation (FBI) had previously confirmed the Lazarus Group as the culprit behind the $41 million theft from Stake.com.
